A Hybrid Command Sequence Model for Anomaly Detection

  • Conference paper
Advances in Knowledge Discovery and Data Mining (PAKDD 2007)

Part of the book series: Lecture Notes in Computer Science (LNAI, volume 4426)

Abstract

A new anomaly detection method based on models of user behavior at the command level is proposed as an intrusion detection technique. The hybrid command sequence (HCS) model is trained from historical session data by a genetic algorithm and is then used as the criterion for verifying observed behavior. The proposed model considers the occurrence of multiple command sequence fragments in a single session, so that it can recognize non-sequential patterns. Experimental results demonstrate an anomaly detection rate higher than 90%, comparable to other statistical methods and 10% higher than the original command sequence model.

Editor information

Zhi-Hua Zhou, Hang Li, Qiang Yang

Copyright information

© 2007 Springer Berlin Heidelberg

About this paper

Cite this paper

Jian, Z., Shirai, H., Takahashi, I., Kuroiwa, J., Odaka, T., Ogura, H. (2007). A Hybrid Command Sequence Model for Anomaly Detection. In: Zhou, ZH., Li, H., Yang, Q. (eds) Advances in Knowledge Discovery and Data Mining. PAKDD 2007. Lecture Notes in Computer Science, vol 4426. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-71701-0_13

  • DOI: https://doi.org/10.1007/978-3-540-71701-0_13

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-71700-3

  • Online ISBN: 978-3-540-71701-0

  • eBook Packages: Computer Science, Computer Science (R0)
